Manager, Application Security

The Vanguard Group•Charlotte, NC

11d•Hybrid

About The Position

The Security Manager must set high-level strategy and direction for secure software development and supply chain practices, while establishing clear expectations, goals, and success metrics. This role collaborates with cybersecurity experts, technology teams, suppliers, and business leaders to define and enforce controls that protect enterprise assets and critical systems. Mentor and lead a global team of application security professionals to implement security tools for dynamic scanning, and to protect software supply chain, APIs, and AI/ML applications. Collaborate with Vanguard development teams to integrate security tools, standards, and processes into the Secure Software Development Lifecycle (SSDLC). Implement and manage security tools within CI/CD pipelines to automate vulnerability detection and remediation. Lead secure software supply chain initiatives including SBOM generation, artifact signing and provenance, and alignment with industry standards. Craft and deploy application security tools, processes, and documentation to support alignment with OWASP Top 10, Industry Standards, Current Events, and Best-Practices.. Define governance procedures and provide strategic recommendations on security policies for secure application and ML model development. Partner with platform and product teams to triage and remediate threats and vulnerabilities across web, mobile, backend, and ML systems. Create and maintain documentation for integrated security processes, controls, and incident response playbooks. Develop and maintain a technical roadmap for security tooling and controls to stay ahead of evolving threats. Translate technical security strategies into business-aligned objectives for product and executive leadership. Establish a governance framework to benchmark program maturity and team performance. Stay current on emerging threats, including adversarial ML risks, and lead knowledge-sharing sessions across the organization.

Requirements

Bachelor’s degree in Computer Science, Engineering, or related field
7+ years of professional experience in Security Management, Application Security, or ML Security
Proven leadership experience in IT Security and governance
Hands-on experience with SAST, DAST, SCA tools
Familiarity with secure ML lifecycle practices (MLSecOps)

Nice To Haves

Strong understanding of secure SDLC, application security testing, and supply chain security
Experience with MLSecOps practices and securing AI/ML pipelines
Familiarity with industry frameworks: OWASP SAMM, BSIMM, SLSA, NIST SSDF
Experience with cloud platforms (AWS, Azure, GCP) and cloud-native security practices
Ability to work independently and define strategic direction without supervision
Excellent communication, leadership, and stakeholder management skills
Certifications such as CISSP, CISM, CSSLP, or equivalent are preferred
Experience with one or more of programming languages such as Python, Java, C#, C++, etc.

Responsibilities

Set high-level strategy and direction for secure software development and supply chain practices.
Collaborate with cybersecurity experts, technology teams, suppliers, and business leaders to define and enforce controls.
Mentor and lead a global team of application security professionals.
Implement and manage security tools within CI/CD pipelines.
Lead secure software supply chain initiatives including SBOM generation, artifact signing and provenance.
Define governance procedures and provide strategic recommendations on security policies.
Partner with platform and product teams to triage and remediate threats and vulnerabilities.
Create and maintain documentation for integrated security processes, controls, and incident response playbooks.
Develop and maintain a technical roadmap for security tooling and controls.
Translate technical security strategies into business-aligned objectives.
Establish a governance framework to benchmark program maturity and team performance.
Stay current on emerging threats and lead knowledge-sharing sessions.